[root@localhost /]# chmod 755 /home/user
[root@localhost /]# cd /home/
[root@localhost home]# ls -l
total 0
drwxr-xr-x 10 user user 322 Nov 13 11:12 user
[root@localhost home]#
After the change above, ssh logged in to the server without a password. With debug output enabled, the log line 'debug3: receive packet: type 60' is visible:
debug1: Next authentication method: publickey
debug1: Offering public key: /home/user/.ssh/id_rsa RSA SHA256:6FXZFw9asi0MiG2qHOnraHVYoVWq09zq/FwR rOtrz4
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: /home/user/.ssh/id_rsa RSA SHA256:6FXZFw9asi0MiG2qHOnraHVYoVWq09zq/FwR rOtrz4
debug3: sign_and_send_pubkey: RSA SHA256:6FXZFw9asi0MiG2qHOnraHVYoVWq09zq/FwR rOtrz4
debug3: sign_and_send_pubkey: signing using rsa-sha2-256
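In summary, with passwordless login configured, the server has fairly strict permission and ownership requirements for the directories and files involved. They are listed below: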
# The /home directory has mode 755 and is owned by user root and group root
[user@localhost ~]$ ls -ld /home/
drwxr-xr-x 3 root root 28 Nov 1 07:48 /home/
# The user's home directory has mode 755 and is owned by the user and the user's group
[user@localhost ~]$ ls -ld /home/user/
drwxr-xr-x 10 user user 322 Nov 13 11:12 /home/user/
# The .ssh directory has mode 700 and is owned by the user and the user's group
[user@localhost ~]$ ls -ld /home/user/.ssh/
drwx------ 2 user user 100 Nov 13 11:13 /home/user/.ssh/
# Files under .ssh are owned by the user and the user's group; authorized_keys and id_rsa are 600, id_rsa.pub and known_hosts are 640
[user@localhost ~]$ ls -l /home/user/.ssh/
total 16
-rw------- 1 user user 582 Nov 13 11:13 authorized_keys
-rw------- 1 user user 2622 Nov 13 11:13 id_rsa
-rw-r----- 1 user user 582 Nov 13 11:13 id_rsa.pub
-rw-r----- 1 user user 172 Nov 13 11:13 known_hosts
[user@localhost ~]$
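
The permission and ownership list above can be checked with a script instead of by eye. This is an added example, not part of the original post: the function names check_path and audit_ssh_perms are hypothetical, it assumes GNU stat, and it treats each listed mode as a maximum, so stricter modes also pass.

```bash
#!/usr/bin/env bash
# Added example: audit the server-side paths from the list above.
# Assumption: each listed mode is a maximum; any extra permission bit is a finding.
# Assumption: GNU stat (-c) is available, as on the Linux hosts shown on the page.

# check_path PATH MAX_MODE OWNER
# Prints a finding and returns 1 when owner or mode violates the list.
check_path() {
    local path=$1 max=$2 owner=$3 mode actual_owner
    if [ ! -e "$path" ]; then
        return 0    # files such as known_hosts may legitimately be absent
    fi
    mode=$(stat -c '%a' "$path")
    actual_owner=$(stat -c '%U' "$path")
    if [ "$actual_owner" != "$owner" ]; then
        echo "FAIL $path: owner is $actual_owner, expected $owner"
        return 1
    fi
    # Bits present in the actual mode but not in the allowed maximum
    # (also catches setuid/setgid/sticky bits).
    if [ $(( 0$mode & ~0$max & 07777 )) -ne 0 ]; then
        echo "FAIL $path: mode $mode exceeds $max"
        return 1
    fi
    return 0
}

# audit_ssh_perms HOME_DIR USER
# Returns the number of findings (0 means every path matches the list).
# /home itself is root-owned and is checked the same way:
#   check_path /home 755 root
audit_ssh_perms() {
    local home=$1 user=$2 findings=0
    check_path "$home"                      755 "$user" || findings=$((findings + 1))
    check_path "$home/.ssh"                 700 "$user" || findings=$((findings + 1))
    check_path "$home/.ssh/authorized_keys" 600 "$user" || findings=$((findings + 1))
    check_path "$home/.ssh/id_rsa"          600 "$user" || findings=$((findings + 1))
    check_path "$home/.ssh/id_rsa.pub"      640 "$user" || findings=$((findings + 1))
    check_path "$home/.ssh/known_hosts"     640 "$user" || findings=$((findings + 1))
    return "$findings"
}
```

Run it on the server as `audit_ssh_perms /home/user user`; each FAIL line names the path to fix with chmod or chown.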
## Change to the home directory
<client userabc>@hostname ~$ cd ~
## Check whether a public/private key pair has already been generated
<client userabc>@hostname ~$ ls -l .ssh/
## Only if none exists, create a public/private key pair with ssh-keygen
<client userabc>@hostname ~$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/<client userabc>/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/<client userabc>/.ssh/id_rsa
Your public key has been saved in /home/<client userabc>/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:52dVJoqzNGM7F85518gzHUcTKFugsBTU8wwMruholm8 <client userabc>@hostname
The key's randomart image is:
---[RSA 3072]----
| .*= .. .. |
| o o=.. o .|
| o .= .. |
| . . = . =.|
| . . S O o ...|
| = O = o |
| = . = B * |
|o .E = . |
| .. |
----[SHA256]-----